Apple’s Data Center Defenses Breached by Attackers

Apple’s Development Center was temporarily knocked offline, last week, with company officials remaining conspicuously silent on the matter. Now, officials said they are investing a possible data center security breach. Developers recently received an email from the company that said an intruder tried to steal personal information of registered developers, but reassured readers that the information was encrypted and likely safe from further exploitation. Even so, the company said it cannot confirm if names, email addresses and other information may have been accessed, so it decided to completely overhaul the systems with new security software and a rebuild of the core database.

TechCrunch, which reported on the email, said it received additional information from Apple which said the hack only affected developer accounts, no credit card data was stolen. There is no timetable for when the Developer center will return yet. Officials said they waited so long to reveal the breach occurred in order to figure out what exactly was exposed with regard to the data.

“To developers, this means being unable to download the iOS or Mac OS X SDKs, as well as making development considerably more challenging, since new devices can’t easily be provisioned (read: authorized) for application testing,” the website said. “To would-be developers, this means being unable to sign up at all.”

PCWorld has reported that an independent security researcher claimed responsibility for the breach. Ibrahim Balic insisted that the vulnerability was reported to Apple, but engineers seemed to be in no particular hurry to address the highlighted issues. He said on Twitter that he did not act with malicious intent, but did extract user IDs, names and email addresses from the server.

Organizations have grown accustomed to similar reports of data center security provisions being overwhelmed by resourceful attackers, as a recent report from Infonetics Research found that enterprises will spend an average of $17 million on security solutions in 2013, up from $14.6 million in 2012. Jeff Wilson, principal analyst for security at Infonetics Research, wrote that while the security appliance landscape is starting to heat up, most buyers will likely continue to trust bigger names.

Another recent report, this one the 2013 Strategic Security Survey from InformationWeek, showed that 13 percent of companies believe they are actually more vulnerable than the previous year. This may not be the fault of lacking any cyber security technology, but perhaps lacking the most current technology, as 73 percent see mobility as a big threat with 75 percent admitting they could be ignorant of a breach happening to them. One professional said in this report that social media and mobile devices “broke the back” of infrastructure security, which means many businesses likely will need better data center security tools to be able to keep up with modern times.